This will work as it does in conntrack; it won't pass NLM_F_ACK into ctnetlink_new_expect in the kernel, and will thus invoke ctnetlink_change_expect if the expectation already exists. Signed-off-by: Kelvie Wong <kelvie@xxxxxxxx> --- src/expect/api.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/expect/api.c b/src/expect/api.c index 4da44a0..a101042 100644 --- a/src/expect/api.c +++ b/src/expect/api.c @@ -533,6 +533,9 @@ __build_query_exp(struct nfnl_subsys_handle *ssh, case NFCT_Q_CREATE: __build_expect(ssh, req, size, IPCTNL_MSG_EXP_NEW, NLM_F_REQUEST|NLM_F_CREATE|NLM_F_ACK|NLM_F_EXCL, data); break; + case NFCT_Q_CREATE_UPDATE: + __build_expect(ssh, req, size, IPCTNL_MSG_EXP_NEW, NLM_F_REQUEST|NLM_F_CREATE|NLM_F_ACK, data); + break; case NFCT_Q_GET: __build_expect(ssh, req, size, IPCTNL_MSG_EXP_GET, NLM_F_REQUEST|NLM_F_ACK, data); break; -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
